Decentralized computation system architecture based on node specialization

ABSTRACT

Described are systems, methods, and media for providing secure and scalable decentralized computation for one or more decentralized applications. Features include a blockchain; and a plurality of nodes comprising a plurality of each of three specialized node types, the specialized node types comprising access nodes, security nodes, and execution nodes.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims the benefit of U.S. Provisional Application No.62/676,131, filed May 24, 2018, the entire contents of which is herebyincorporated by reference in its entirety.

BACKGROUND

A distributed ledger can be described as a ledger of any transactions orcontracts maintained in decentralized form across different locationsand people, eliminating the need of a central authority to keep a checkagainst manipulation. All the information on it is securely andaccurately stored using cryptography and can be accessed using keys andcryptographic signatures. Once the information is stored, it becomes animmutable database, which the rules of the network govern. Distributedledgers are inherently harder to attack than, for example, a centralizedledger because all the distributed copies need to be attackedsimultaneously for an attack to be successful. Moreover, these recordsare resistant to malicious changes by a single party.

SUMMARY OF THE INVENTION

Antifragility is a commitment to relentlessly iterating a system untilit satisfies a set of requirements. Moreover, lean product developmentmethods and fast iteration cycles create products that serve user needsin record time. To that end, evolving software to address the variousneeds and problems uncovered in early development phases is critical. Assuch, a development team must react quickly to insights gleaned duringthis stage and complete any improvements needed as efficiently aspossible. Overtime, the system will grow and mature, and, as a result,development shifts will happen more slowly to accommodate a growing userbase. But it is critical to start with a small system that works for itsinitial users so a more complex system can, eventually, grow out of it.

Gall's law states: “a complex system that works is invariably found tohave evolved from a simple system that worked. A complex system designedfrom scratch never works and cannot be patched up to make it work. Youhave to start over with a working simple system.” This observationprovides a framework under which large, complex, and interconnectedsystem are designed. Reliability and resiliency for the ecosystem arethe result of continuous improvement, not an unrealistic goal to get itright on day one.

Efficiency is a multi-faceted pillar that addresses two substantialproblems observed in the blockchain space. The first is Proof of Work(PoW), which is consistently criticized for its excessive use of powerand inefficient resource allocation. We reject PoW as an option forsecuring a system. The second issue is the significant amount ofduplicate effort a blockchain requires to operate, even in a Proof ofStake (PoS) based system which still requires all the nodes to hold allthe state even though they are not solving a PoW problem. In atraditional blockchain, for example, each node must perform every taskassociated with block production. This duplication is not only achokepoint for scale, it is a poor allocation of resources that would bebetter served if applied to their respective strengths.

Moreover, one of the compelling use-case of blockchain technology is theability to create permissionless and autonomous software systems.Moreover, the long-run value of an ecosystem of autonomous,interoperable software may indeed stand as the most compelling outcomeof the decentralized revolution. The overwhelming majority of existingproposals for open, consumer-scale blockchain systems depend on somekind of sharding. While the various approaches to sharding legitimatelyincrease the number of transactions the network is able to handle, theyseverely limit the capability of those transactions. In particular, eachtransaction is only able to read and modify information within its ownshard. In some sharded blockchain implementations, communication withother shards must occur asynchronously and—without expensive andcomplicated locking operations—runs the risk of acting on staleinformation. Moreover, existing proposal for a sharded blockchain do notprovide the ability for a single atomic transaction to interact withmultiple shards. For example, a separate transaction must be issued oneach shard, and if atomicity guarantees are required (for example, ifthere is some reciprocal exchange of value), there must be some kind ofcomplex locking and commitment system built on top of the blockchain.

In some embodiments, the described decentralized computation systemprovides an architectural approach with high throughput and no-sharding,which results in composability. In some embodiments, such composabilityprovides for complex new trustless systems to be created through a novelcombination of simpler trustless systems. The described decentralizedcomputation system can be employed to, for example, supportdecentralized applications. In some embodiments, the describeddecentralized computation system divides a peer-to-peer network intothree distinct node types, each responsible for one of three criticaltasks: accessing the network from outside, securing the network fromattacks, and computing the state of the network. Such separation ofconcerns enables node specialization, which dramatically improves thethroughput of the network while enhancing the security anddecentralization possibilities of the deployed system. Additionally,composability is a powerful manifestation of software reuse, butcomposability without atomicity can lead to inconsistent results (e.g.,“weird states”). As such, the described decentralized computation systememploys a scaling mechanism that allows each transaction the ability toatomically access and modify any part of the canonical state with whichit is authorized to interact.

In one aspect, disclosed herein is a decentralized computation systemfor providing secure and scalable decentralized computation for one ormore decentralized applications comprises: a blockchain; and a pluralityof nodes comprising a plurality of each of three specialized node types,the specialized node types comprising access nodes, security nodes, andexecution nodes; the access nodes configured to perform at least:receiving one or more transactions from at least one client, the one ormore transactions each comprising transaction text and credentials;cryptographically signing a hash for each of the transaction text of theone or more transactions based on a determination that the one or moretransactions are well-formed; providing the one or more signed hashes tothe security node for validation; and providing a state response to theat least one client, the state response determined based on an outputfor a block; the security nodes configured to perform at least:generating a candidate block comprising the one or more signed hashes;finalizing the candidate block by performing a Byzantine fault tolerance(BFT) consensus algorithm to validate that a threshold number of accessnodes determined that the one or more transactions were well-formedbased on the one or more signed hashes; and providing the finalizedblock to the execution nodes; and the execution nodes configured toperform at least: receiving, from the access nodes, the transaction textfor each of the one or more transactions based on a query provided tothe access nodes, the query determined according to the block;presenting a hashed commitment of the output for the block to the otherexecution nodes, the output for the block determined based on thetransaction text for each of the one or more transactions; and revealingthe output to the access nodes when each of the other execution nodeshas presented the output for the block. In some embodiments, thesecurity nodes comprise more nodes than the access nodes and the accessnodes comprise more nodes than the execution nodes. In some embodiments,each of the execution nodes has more computational power than each ofthe access nodes and each of the access nodes has more computationalpower than each of the security nodes. In some embodiments, the accessnodes are configured to perform at least: providing the one or moresigned hashes to the security nodes when a consensus is reached by theaccess nodes that the one or more transactions are well-formed. In someembodiments, the transaction texts for each of the one or moretransactions are persisted by the access nodes until the execution nodesprovide the hashed commitment of the output for the finalized block. Insome embodiments, the access nodes are configured to perform at least:providing the transaction text for each of the one or more transactionswhen queried by the execution nodes. In some embodiments, the accessnodes are configured to perform at least: receiving the hashedcommitment of the output for the finalized block from the executionnodes; and providing a query verifying the output for the finalizedblock to a set of the execution nodes. In some embodiments, theexecution nodes are configured to perform at least: providing the outputfor the finalized block to the access nodes in response to receiving thequery verifying the output for the finalized block. In some embodiments,the access nodes are configured to perform at least: storing a cache ofthe output for the finalized block; and providing, to the client,results of computations for the one or more transactions based on theoutput for the finalized block. In some embodiments, the credentials arefor a guarantor of the one or more transactions. In some embodiments,the access nodes are configured to determine that the one or moretransactions are well-formed by checking the credentials of the one ormore transactions. In some embodiments, the one or more signed hashesindicate that the respective one or more transactions are well-formedand that the respective one or more transaction texts will be persisteduntil the execution nodes have finished processing the one or moretransactions. In some embodiments, the execution nodes store an entirecanonical state of the blockchain. In some embodiments, only theexecution nodes store the entire canonical state of the blockchain. Insome embodiments, the access nodes are slashed if they provide atransaction that is ill-formed or if they fail to store the transactiontext of the one or more transactions. In some embodiments, the securitynodes are slashed if they finalize an invalid block. In someembodiments, the system provides the decentralized computation for theone or more decentralized applications without sharding or dividing anetwork into two or more subunits that interact asynchronously. In someembodiments, the system provides the decentralized computation for, morethan 10, more than 100, or more than 1000 decentralized applications. Insome embodiments, the decentralized computation for the one or moredecentralized applications comprises more than 1000transactions-per-second (tps), more than 50,000 tps, or more than100,000 tps. In some embodiments, the BFT consensus algorithm comprisesa variant of Casper correct-by-construction (CBC) or Tendermint-derivedscalable BFT (SBFT), Hot Stuff, or Fantomette. In some embodiments, theaccess nodes are configured to perform at least: bundling the one ormore signed hashes into a collection, wherein the one or more signedhashes are provided to the security node for validation as thecollection. In some embodiments, the security nodes are configured toperform at least: gathering the collection and other collections,provided by access nodes to generate the block. In some embodiments, thecandidate block is generated by a group of the security nodes, the groupdetermined according to the BFT consensus algorithm. In someembodiments, the group comprises a subset of the security nodes. In someembodiments, the group comprises all of the security nodes. In someembodiments, the finalized block determines an order of transactions.

In another aspect, a decentralized computation system for adding a blockto a blockchain comprises: access nodes configured to receive, from aclient, one or more transactions, determine that the one or moretransactions are well-formed, and provide responses to queries relatedto a canonical state for the blockchain; security nodes configured toprovide a guarantee for the block through a BFT consensus algorithmemployed to finalize the one or more transactions; and execution nodesconfigured to determine a result for each of the one or moretransactions, once finalized, and store the canonical state of theblockchain. In some embodiments, the one or more transactions eachcomprise transaction text and credentials. In some embodiments, thecredentials are for a guarantor of the one or more transactions. In someembodiments, the access nodes are configured persist the transactiontext for each of the one or more transactions until the execution nodespresent a hashed commitment of the output for the block. In someembodiments, the access nodes are configured to provide the transactiontext for each of the one or more transactions when queried by theexecution nodes. In some embodiments, the access nodes are configured tocryptographically sign a hash for each of the transaction texts based ona determination that the one or more transactions are well-formed, andwherein the block comprises the one or more signed hashes. In someembodiments, the access nodes determine that the one or moretransactions are well-formed by checking the credentials of the one ormore transactions. In some embodiments, the one or more signed hashes ofthe transaction text of the one or more transactions indicate that therespective one or more transactions are well-formed and that therespective one or more transaction texts will be persisted until theexecution nodes have finished processing the one or more transactions.In some embodiments, the access nodes are configured to provide the oneor more signed hashes to the security nodes when a consensus is reachedby the access nodes that the one or more transactions are well-formed.In some embodiments, the access nodes are configured to bundle the oneor more signed hashes into a collection, wherein the one or more signedhashes are provided to the security nodes for validation as thecollection. In some embodiments, the access nodes are configured tobundle the one or more signed hashes into a collection, wherein the oneor more signed hashes are provided to the security nodes for validationas the collection. In some embodiments, the security nodes areconfigured to provide the guarantee for the block by performing the BFTconsensus algorithm to validate a threshold number of access nodesdetermined that the one or more transactions were well-formed based onthe one or more signed hashes. In some embodiments, the block isgenerated by a group of the security nodes, the group determinedaccording to the BFT consensus algorithm. In some embodiments, the groupcomprises a subset of the security nodes. In some embodiments, the groupcomprises all of the security nodes. In some embodiments, the securitynodes are configured, when a member of the group, to: gather thecollection and other collections, provided by the access nodes, andgenerate the block. In some embodiments, the execution nodes areconfigured to determine a result for each of the one or moretransactions by receiving, from the access nodes, the transaction textfor each of the one or more transactions based on a query provided tothe access nodes, the query determined according to the finalized block.In some embodiments, the execution nodes are configured to: determine anoutput for the finalized block based on the transaction text for each ofthe one or more transactions; present a hashed commitment of the outputfor the finalized block to the other execution nodes; reveal the outputfor the finalized block to the access nodes when each of the otherexecution nodes has presented the output for the finalized block. Insome embodiments, the access nodes are configured to provide a stateresponse to the client, the state response determined based on theoutput for the finalized block. In some embodiments, the security nodescomprise more nodes than the access nodes and the access nodes comprisemore nodes than the execution nodes. In some embodiments, each of theexecution nodes has more computational power than each of the accessnodes and each of the access nodes has more computational power thaneach of the security nodes. In some embodiments, the access nodes areconfigured to: receive a hashed commitment of an output for the block;and provide a query verifying the output for the block to a set of theexecution nodes. In some embodiments, the execution nodes are configuredto provide the output for the block to the access nodes in response toreceiving the query verifying the output for the block. In someembodiments, the access nodes are configured to: store a cache of anoutput for the block; and provide, to the client, results ofcomputations for the one or more transactions based on the output forthe block. In some embodiments, the execution nodes store an entirecanonical state of the blockchain. In some embodiments, only theexecution nodes store the entire canonical state of the blockchain. Insome embodiments, the access nodes are slashed if they provide a signedhash for a transaction that is ill-formed or if they fail to store atransactions text of the one or more transactions. In some embodiments,the security nodes are slashed if they finalize an invalid block. Insome embodiments, the system is configured to provide secure andscalable decentralized computation for one or more decentralizedapplications. In some embodiments, the system provides the decentralizedcomputation for the one or more decentralized applications withoutsharding or dividing a network into two or more subunits that interactasynchronously. In some embodiments, the decentralized computation forthe one or more decentralized applications comprises more than 1000 tps,more than 50,000 tps, or more than 100,000 tps. In some embodiments, thesystem is configured to provide decentralized computation for, more than10, more than 100, or more than 1000 decentralized applications. In someembodiments, the BFT consensus algorithm comprises a variant of CBC,Tendermint-derived SBFT, Hot Stuff, or Fantomette. In some embodiments,the block determines an order of the transactions.

In another aspect, disclosed herein is a computer-implemented method ofadding a block to a blockchain comprises: receiving, through a pluralityof access nodes, one or more transactions from a client; determine,through the access nodes, that the one or more transactions arewell-formed; providing, through a plurality of security nodes, aguarantee for the block through a Byzantine fault tolerance (BFT)consensus algorithm employed to finalize the block; determining, througha plurality execution nodes, a result for each of the one or moretransactions, once the block is finalized; storing, through theexecution nodes, a canonical state of the blockchain; and providing,through the access nodes, responses to queries related the canonicalstate for the blockchain. In some embodiments, the one or moretransactions each comprise transaction text and credentials. In someembodiments, the credentials are for a guarantor of the one or moretransactions. In some embodiments, the method comprises: persisting,through the access nodes, the transaction text for each of the one ormore transactions until the execution nodes present a hashed commitmentof the output of the block. In some embodiments, the method comprises:providing, through the access nodes, the transaction text for each ofthe one or more transactions when queried by the execution nodes. Insome embodiments, the method comprises: cryptographically signing,through the access nodes, a hash for each of the transaction text basedon a determination that the one or more transactions are well-formed;and providing, through the access nodes, the one or more signed hashesto the security nodes for validation. In some embodiments, the methodcomprises: checking, through the access nodes, the credentials of theone or more transactions to determine that the one or more transactionsare well-formed. In some embodiments, the one or more signed hashesindicate that the respective one or more transactions are well-formedand that the respective one or more transaction texts will be persisteduntil the execution nodes have finished processing the one or moretransactions. In some embodiments, the method comprises: providing,through the access nodes, the one or more signed hashes to the securitynodes when a consensus is reached by the access nodes that the one ormore transactions are well-formed. In some embodiments, the methodcomprises: bundling, through the access nodes, the one or more signedhashes into a collection, wherein the one or more signed hashes areprovided to the security nodes for validation as the collection. In someembodiments, the method comprises: providing, through the securitynodes, the guarantee for the block by performing the BFT consensusalgorithm to: validate a threshold number of access nodes determinedthat the one or more transactions were well-formed based on the one ormore signed hashes, and finalize the block. In some embodiments, themethod comprises: generating, with a group of the security nodes, theblock as a candidate block, the group determined according to the BFTconsensus algorithm. In some embodiments, the group comprises a subsetof the security nodes. In some embodiments, the group comprises all ofthe security nodes. In some embodiments, the candidate block isgenerated by gathering, through the group of security nodes, thecollection and other collections, provided by the access nodes. In someembodiments, the method comprises: determining, through the executionnodes, a query according to the finalized block; determining, throughthe access nodes, the transaction text for each of the one or moretransactions based on the query; and determining, through the executionnodes, a result for each of the one or more transactions based on thetransaction text for each of the one or more transactions. In someembodiments, the method comprises: determining, through the executionnodes, an output for the finalized block based on the transaction textfor each of the one or more transactions; presenting, through theexecution nodes, a hashed commitment of the output for the finalizedblock to the other execution nodes; and revealing, through the executionnodes, the output for the finalized block to the access nodes when eachof the other execution nodes have presented of the output for thefinalized block. In some embodiments, the method comprises: providing,through the access nodes, a state response to the client, the stateresponse determined based on the output for the finalized block. In someembodiments, the method comprises: persisting, through the access nodes,the transaction text for each of the one or more transactions until theexecution nodes present the hashed commitment of the output of thefinalized block. In some embodiments, the method comprises: providing,through the access nodes, the transaction text for each of the one ormore transactions when queried by the execution nodes. In someembodiments, the security nodes comprise more nodes than the accessnodes and the access nodes comprise more nodes than the execution nodes.In some embodiments, each of the execution nodes has more computationalpower than each of the access nodes and each of the access nodes hasmore computational power than each of the security nodes. In someembodiments, the method comprises: receiving, through the access nodes,a hashed commitment of an output for the block from the execution nodes;and providing, through the access nodes, a query verifying the outputfor the block to a set of the execution nodes. In some embodiments, themethod comprises: providing, through the execution nodes, the output forthe block in response to receiving the query verifying the output forthe block. In some embodiments, the method comprises: storing, throughthe access nodes, a cache of an output for the block; and providing, tothe client through the access nodes, results of computations for the oneor more transactions based on the output for the block. In someembodiments, the method comprises: storing, through the execution nodes,an entire canonical state of the blockchain. In some embodiments, themethod comprises: storing, through only the execution nodes, the entirecanonical state of the blockchain. In some embodiments, the methodcomprises: slashing the access nodes if they provide a signed hash for atransaction that is ill-formed or if they fail to store a transactionstext of the one or more transactions. In some embodiments, the methodcomprises: slashing the security nodes if they finalize an invalidblock. In some embodiments, the method comprises: providing secure andscalable decentralized computation for one or more decentralizedapplications. In some embodiments, the method comprises: providing thedecentralized computation for the one or more decentralized applicationswithout sharding or dividing a network into two or more subunits thatinteract asynchronously. In some embodiments, the decentralizedcomputation for the one or more decentralized applications comprisesmore than 1000 transactions-per-second (tps), more than 50,000 tps, ormore than 100,000 tps. In some embodiments, the method comprises:providing decentralized computation for, more than 10, more than 100, ormore than 1000 decentralized applications. In some embodiments, the BFTconsensus algorithm comprises a variant of Caspercorrect-by-construction (CBC), Tendermint-derived scalable BFT (SBFT),Hot Stuff, or Fantomette. In some embodiments, the finalized blockdetermines an order of the transactions.

In another aspect, disclosed herein are one or more non-transitorycomputer-readable storage media coupled to one or more processors andhaving instructions stored thereon which, when executed by the one ormore processors, cause the one or more processors to perform operationsto provide a secure and scalable decentralized computation for one ormore decentralized applications through a plurality of nodes comprisinga plurality of each of three specialized node types, the specializednode types comprising access nodes, security nodes, and execution nodes,the operations comprising: receiving, through a plurality of accessnodes, one or more transactions from a client; determine, through theaccess nodes, that the one or more transactions are well-formed;providing, through a plurality of security nodes, a guarantee for theblock through a BFT consensus algorithm employed to finalize block;determining, through a plurality execution nodes, a result for each ofthe one or more transactions, once the block is finalized; storing,through the execution nodes, a canonical state of a blockchain; andproviding, through the access nodes, responses to queries related thecanonical state for the blockchain. In some embodiments, the one or moretransactions each comprise transaction text and credentials. In someembodiments, the credentials are for a guarantor of the one or moretransactions. In some embodiments, the operations comprise: persisting,through the access nodes, the transaction text for each of the one ormore transactions until the execution nodes present a hashed commitmentof the output of the block. In some embodiments, the operationscomprise: providing, through the access nodes, the transaction text foreach of the one or more transactions when queried by the executionnodes. In some embodiments, the operations a decentralized computationsystem for providing secure and scalable decentralized computation forone or more decentralized applications comprises: a blockchain; and aplurality of nodes comprising a plurality of each of three specializednode types, the specialized node types comprising access nodes, securitynodes, and execution nodes; the access nodes configured to perform atleast: receiving one or more transactions from at least one client, theone or more transactions each comprising transaction text andcredentials; cryptographically signing a hash for each of thetransaction text of the one or more transactions based on adetermination that the one or more transactions are well-formed;providing the one or more signed hashes to the security node forvalidation; and providing a state response to the at least one client,the state response determined based on an output for a block; thesecurity nodes configured to perform at least: generating a candidateblock comprising the one or more signed hashes; finalizing the candidateblock by performing a Byzantine fault tolerance (BFT) consensusalgorithm to validate that a threshold number of access nodes determinedthat the one or more transactions were well-formed based on the one ormore signed hashes; and providing the finalized block to the executionnodes; and the execution nodes configured to perform at least:receiving, from the access nodes, the transaction text for each of theone or more transactions based on a query provided to the access nodes,the query determined according to the block; presenting a hashedcommitment of the output for the block to the other execution nodes, theoutput for the block determined based on the transaction text for eachof the one or more transactions; and revealing the output to the accessnodes when each of the other execution nodes has presented the outputfor the block: cryptographically signing, through the access nodes, ahash for each of the transaction text based on a determination that theone or more transactions are well-formed; and providing, through theaccess nodes, the one or more signed hashes to the security nodes forvalidation. In some embodiments, the operations comprise: checking,through the access nodes, the credentials of the one or moretransactions to determine that the one or more transactions arewell-formed. In some embodiments, the one or more signed hashes indicatethat the respective one or more transactions are well-formed and thatthe respective one or more transaction texts will be persisted until theexecution nodes have finished processing the one or more transactions.In some embodiments, the operations comprise: providing, through theaccess nodes, the one or more signed hashes to the security nodes when aconsensus is reached by the access nodes that the one or moretransactions are well-formed. In some embodiments, the operationscomprise: bundling, through the access nodes, the one or more signedhashes into a collection, wherein the one or more signed hashes areprovided to the security nodes for validation as the collection. In someembodiments, the operations comprise: gathering, through the securitynodes, the collection and other collections, provided by the accessnodes to generate the block. In some embodiments, the operationscomprise: providing, through the security nodes, the guarantee for theblock by performing the BFT consensus algorithm to: validate a thresholdnumber of access nodes determined that the one or more transactions werewell-formed based on the one or more signed hashes, and finalize theblock. In some embodiments, the operations comprise generating, with agroup of the security nodes, the block as a candidate block, the groupdetermined according to the BFT consensus algorithm. In someembodiments, the group comprises a subset of the security nodes. In someembodiments, the group comprises all of the security nodes. In someembodiments, the candidate block is generated by gathering, through thegroup of security nodes, the collection and other collections, providedby the access nodes. In some embodiments, the operations comprise:determining, through the execution nodes, a query according to thefinalized block; determining, through the access nodes, the transactiontext for each of the one or more transactions based on the query; anddetermining, through the execution nodes, a result for each of the oneor more transactions based on the transaction text for each of the oneor more transactions. In some embodiments, the operations comprise:determining, through the execution nodes, an output for the finalizedblock based on the transaction text for each of the one or moretransactions; presenting, through the execution nodes, a hashedcommitment of the output for the finalized block to the other executionnodes; and revealing, through the execution nodes, the output for thefinalized block to the access nodes when each of the other executionnodes have presented of the output for the finalized block. In someembodiments, the operations comprise: providing, through the accessnodes, a state response to the client, the state response determinedbased on the output for the finalized block. In some embodiments, thesecurity nodes comprise more nodes than the access nodes and the accessnodes comprise more nodes than the execution nodes. In some embodiments,each of the execution nodes has more computational power than each ofthe access nodes and each of the access nodes has more computationalpower than each of the security nodes. In some embodiments, theoperations comprise: receiving, through the access nodes, a hashedcommitment of an output for the block from the execution nodes; andproviding, through the access nodes, a query verifying the output forthe block to a set of the execution nodes. In some embodiments, theoperations comprise: providing, through the execution nodes, the outputfor the block in response to receiving the query verifying the outputfor the block. In some embodiments, the operations comprise: storing,through the access nodes, a cache of an output for the block; andproviding, to the client through the access nodes, results ofcomputations for the one or more transactions based on the output forthe block. In some embodiments, the operations comprise: storing,through the execution nodes, an entire canonical state of theblockchain. In some embodiments, the operations comprise: storing,through only the execution nodes, the entire canonical state of theblockchain. In some embodiments, the operations comprise: slashing theaccess nodes if they provide a signed hash for a transaction that isill-formed or if they fail to store a transactions text of the one ormore transactions. In some embodiments, the operations comprise:slashing the security nodes if they finalize an invalid block. In someembodiments, the operations comprise: providing secure and scalabledecentralized computation for one or more decentralized applications. Insome embodiments, the operations comprise: providing the decentralizedcomputation for the one or more decentralized applications withoutsharding or dividing a network into two or more subunits that interactasynchronously. In some embodiments, the decentralized computation forthe one or more decentralized applications comprises more than 1000 tps,more than 50,000 tps, or more than 100,000 tps. In some embodiments, theoperations comprise: providing decentralized computation for, more than10, more than 100, or more than 1000 decentralized applications. In someembodiments, the BFT consensus algorithm comprises a variant of CBC,Tendermint-derived SBFT, Hot Stuff, or Fantomette. In some embodiments,the finalized block determines an order of the transactions.

Additional aspects and advantages of the present disclosure will becomereadily apparent to those skilled in this art from the followingdetailed description, wherein only illustrative embodiments of thepresent disclosure are shown and described. As will be realized, thepresent disclosure is capable of other and different embodiments, andits several details are capable of modifications in various obviousrespects, all without departing from the disclosure. Accordingly, thedrawings and description are to be regarded as illustrative in nature,and not as restrictive.

BRIEF DESCRIPTION OF THE DRAWINGS

A better understanding of the features and advantages of the presentsubject matter will be obtained by reference to the following detaileddescription that sets forth illustrative embodiments and theaccompanying drawings of which:

FIG. 1 depicts a non-limiting example environment that can be employedto execute implementations of the present disclosure;

FIG. 2 depicts a non-limiting example of a general architecture for thedescribed decentralized computation system;

FIGS. 3A and 3B depict a non-limiting example process that can beimplemented by the various nodes in the described decentralizedcomputation system;

FIG. 4 depicts another non-limiting example process that can beimplemented by the various nodes in the described decentralizedcomputation system; and

FIG. 5 shows a non-limiting example of a processing device; in thiscase, a device with one or more CPUs, a memory, a communicationinterface, and a display.

DETAILED DESCRIPTION OF THE INVENTION

Described herein, in certain embodiments, are decentralized computationsystems for a for providing secure and scalable decentralizedcomputation for one or more decentralized applications comprises: ablockchain; and a plurality of nodes comprising a plurality of each ofthree specialized node types, the specialized node types comprisingaccess nodes, security nodes, and execution nodes; the access nodesconfigured to perform at least: receiving one or more transactions fromat least one client, the one or more transactions each comprisingtransaction text and credentials; cryptographically signing a hash foreach of the transaction text of the one or more transactions based on adetermination that the one or more transactions are well-formed;providing the one or more signed hashes to the security node forvalidation; and providing a state response to the at least one client,the state response determined based on an output for a block; thesecurity nodes configured to perform at least: generating a candidateblock comprising the one or more signed hashes; finalizing the candidateblock by performing a Byzantine fault tolerance (BFT) consensusalgorithm to validate that a threshold number of access nodes determinedthat the one or more transactions were well-formed based on the one ormore signed hashes; and providing the finalized block to the executionnodes; and the execution nodes configured to perform at least:receiving, from the access nodes, the transaction text for each of theone or more transactions based on a query provided to the access nodes,the query determined according to the block; presenting a hashedcommitment of the output for the block to the other execution nodes, theoutput for the block determined based on the transaction text for eachof the one or more transactions; and revealing the output to the accessnodes when each of the other execution nodes has presented the outputfor the block.

Also described herein, in certain embodiments, are decentralizedcomputation systems for adding a block to a blockchain comprises: accessnodes configured to receive, from a client, one or more transactions,determine that the one or more transactions are well-formed, and provideresponses to queries related to a canonical state for the blockchain;security nodes configured to provide a guarantee for the block through aBFT consensus algorithm employed to finalize the one or moretransactions; and execution nodes configured to determine a result foreach of the one or more transactions, once finalized, and store thecanonical state of the blockchain.

Also described herein, in certain embodiments, are computer-implementedmethods of adding a block to a blockchain comprising: receiving, througha plurality of access nodes, one or more transactions from a client;determine, through the access nodes, that the one or more transactionsare well-formed; providing, through a plurality of security nodes, aguarantee for the block through a BFT consensus algorithm employed tofinalize block; determining, through a plurality execution nodes, aresult for each of the one or more transactions, once the block isfinalized; storing, through the execution nodes, a canonical state of ablockchain; and providing, through the access nodes, responses toqueries related the canonical state for the blockchain.

Also described herein, in certain embodiments, are one or morenon-transitory computer-readable storage media coupled to one or moreprocessors and having instructions stored thereon which, when executedby the one or more processors, cause the one or more processors toperform operations to provide a secure and scalable decentralizedcomputation for one or more decentralized applications through aplurality of nodes comprising a plurality of each of three specializednode types, the specialized node types comprising access nodes, securitynodes, and execution nodes, the operations comprising: receiving,through a plurality of access nodes, one or more transactions from aclient; determine, through the access nodes, that the one or moretransactions are well-formed; providing, through a plurality of securitynodes, a guarantee for the block through a BFT consensus algorithmemployed to finalize block; determining, through a plurality executionnodes, a result for each of the one or more transactions, once the blockis finalized; storing, through the execution nodes, a canonical state ofa blockchain; and providing, through the access nodes, responses toqueries related the canonical state for the blockchain.

Distributed Ledger/Blockchain Overview

An example distributed ledger is the commonly known Blockchain (orblockchain). Blockchain is referenced within the present disclosure forpurposes of illustration. It is contemplated, however, that anyappropriate distributed ledger can be used in implementations of thepresent disclosure. A blockchain is a continuously growing list ofrecords or blocks that are linked and secured using cryptography. Eachblock within the blockchain may include transaction data provided fromtransactions that have been executed in one or more contexts, such asnegotiable instrument transactions, digital currency transactions, andso forth. In some examples, a transaction includes an agreement betweena buyer and seller, a supplier and a consumer, or a provider and aconsumer that there would be exchange of assets, products or services inlieu of currency, crypto-currency or some other asset either in presentor in future. In some examples, a single block may include transactiondata provided from multiple transactions (e.g., multiple deposits ofdifferent checks by different people). A blockchain may grow ascompleted blocks are added with a new set of transactions thus forming aledger of the transaction. Each block may include a hash pointer to aprevious block and a timestamp along with the transaction data in apermanent manner.

In some embodiments, the transactions in a block of a blockchain arehashed and encoded into a Merkle tree (e.g., the transactions are leafnodes of a Merkle tree). A Merkle tree (or hash-based tree) is ahash-based data structure that is a generalization of a hash list. AMerkle tree includes a tree structure in which each leaf node is aresult of a cryptographic hash function (CHF) applied to the transactionto generate a hash value or “hash” and each non-leaf node is labelledwith the cryptographic hash of the labels of its child nodes. ExampleCHFs include the secure hash algorithm 256 (SHA-256), SHA-3, and messagedigest 5 (MD5), among others. In general, the CHF receives informationas input, and provides a hash value as output. The hash value can be apredetermined length. For example, SHA-256 outputs a 256-bit (32-byte,64-character) hash value. In some examples, the hash value is a one-wayhash value, in that the hash value cannot be ‘un-hashed’ to determinewhat the input was. Additionally, a Merkle tree may be implemented as ak-ary tree, which is a rooted tree data structure in which each node hasno more than k children. For example, a Merkle tree may be implementedas binary tree where each node may have 0, 1, or 2 children. The Merkleroot (or root hash) of such a binary tree can be generated by repeatedlyhashing each pair of nodes until only one hash is left. In someexamples, when the number of transactions is odd, the last hash isduplicated once to create an even number of leaf nodes. If a singledetail in any of the transactions or the order of the transactionschanges, so does the Merkle root. As such, the Merkle root summarizesall of the data in the related transactions, and can be stored in ablock to maintain the integrity of the data. Thus the employment of aMerkle tree allows for a quick and simple test of whether a specifictransaction is included in the set or not.

In general, blocks are added to the blockchain in a linear,chronological order by one or more computing devices in a peer-to-peernetwork of interconnected computing devices that execute a blockchainprotocol. In short, the peer-to-peer network can be described as aplurality of interconnected nodes, each node being a computing devicethat uses a client to validate and relay transactions (e.g., deposits ofchecks). Each node maintains a copy of the blockchain, which isautomatically downloaded to the node upon joining the peer-to-peernetwork. The blockchain protocol provides a secure and reliable methodof updating the blockchain, copies of which are distributed across thepeer-to-peer network, without use of a central authority.

Because all entities on the blockchain network may need to know allprevious transactions (e.g., deposits, withdrawals, etc.) to validate arequested transaction, entities must agree on which transactions haveactually occurred, and in which order. For example, if two entitiesobserve different transaction histories, they will be unable to come tothe same conclusion regarding the validity of a transaction. Theblockchain enables the entities to come to an agreement as totransactions that have already occurred, and in which order. In short,and as described in further detail below, a ledger of transactions isagreed to based on the amount of work required to add a transaction tothe ledger of transactions (e.g., add a block to the blockchain). Inthis context, the work is a task that is difficult for any single node(e.g., computing device) in the peer-to-peer network to quicklycomplete, but is relatively easy for a node (e.g., computing device) toverify.

A typical peer-to-peer network includes so-called miners (e.g.,computing devices) that add blocks to a blockchain based on theblockchain protocol. In general, multiple miners validate transactionsthat are to be added to a block, and compete (e.g., perform work, asintroduced above) to have their block added to the blockchain.Validation of transactions includes verifying digital signaturesassociated with respective transactions. For a block to be added to theblockchain, a miner must demonstrate a PoW before their provided blockof transactions is accepted by the peer-to-peer network. A blockchainprotocol includes a PoW scheme that is based on a CHF. In someembodiments, the blockchain protocol can require multiple pieces ofinformation as input to the CHF. For example, the input to the CHF caninclude a reference to the previous (most recent) block in theblockchain, details of the transaction(s) that are to be included in theto be created block, and a nonce value.

Multiple nodes may compete to hash a set of transactions and provide thenext block that is to be added to the blockchain. The blockchainprotocol provides a threshold hash to qualify a block to be added to theblockchain. For example, the threshold hash can include a predefinednumber of zeros (0's) that the hash value must have at the beginning(e.g., at least the first four characters of the hash value must each bezero). The higher the number of zeros, the more time-consuming it is toarrive at a qualifying hash value.

In some blockchain-based platforms, for example, each block producingnode may go through a number of steps to create a candidate block. Forexample, a number of transactions are selected from a publicly-sharedpool of pending transactions. In some embodiments, the selectedtransactions are assigned in an order in, for example, a linear list.Typically, there is some mechanism to limit the maximum number oftransactions that can be included. In many embodiments, however, thereis no enforced minimum. Computations specified by the transactions areperformed. In some embodiments, each computation has access to a globalshared state, and can make certain changes to that shared state.Moreover, in some embodiments, the input of one transaction could dependon the output of another transaction. In such embodiments, it isimportant that these computations are strictly performed in order. Thetransactions are combined with a snapshot of the final canonical stateresulting from processing those transactions. The results are broadcastto the rest of the network. In some embodiments, the “snapshot” is ahash of the canonical state, and can be in the form of, for example, theroot node of a Merkle tree.

In some embodiments, each node in the network that receives a candidateblock verifies that the computations implied by the transaction listhave been computed correctly. These nodes re-perform all of thecomputations in the order specified by the candidate block. The nodesthen compare the snapshot of the final canonical state they havecomputed with the snapshot in the candidate block from the originalnode. If the snapshots match, the block is considered a valid candidate.

In unspent transaction output (UTXO) blockchains, such as Bitcoin, onlytransactions that successfully transfer tokens can be included in ablock. On the other hand, in state-model blockchains, like Ethereum, itis valid (and even common) to include transactions that fail. In someembodiments, these transactions are included in the block, but do notmodify the canonical state (aside from the payment of the transactionfees). Thus, a transaction that is “processed correctly” may notactually do what was intended by user initiating the transaction.

Once one or more valid candidate blocks are produced, the network usessome consensus mechanism for collectively agreeing on a single validcandidate. This is typically “proof-of-work” in current blockchains, butthere are many proposals for future networks—or evolutions of existingnetworks—that use “proof-of-stake”. The embodiments of the decentralizedcomputation system, described herein, work equally well with eitherfamily of consensus mechanisms, but is most powerful when coupled withinstant-finality, proof-of-stake consensus.

Certain Definitions

Unless otherwise defined, all technical terms used herein have the samemeaning as commonly understood by one of ordinary skill in the art towhich this invention belongs. As used in this specification and theappended claims, the singular forms “a,” “an,” and “the” include pluralreferences unless the context clearly dictates otherwise. Any referenceto “or” herein is intended to encompass “and/or” unless otherwisestated.

Smart contracts are digitization of the legal contracts and includeexecutable code which represents, for example, contract terms. As such,a smart contract not only defines the rules and penalties related to anagreement in the same way that a traditional contract does, but alsoautomatically enforces those obligations. A smart contract mayaccomplish this by taking information as input, assigning a value tothat input through the rules set out in the contract, and executing theactions required by those contractual clauses. For example, a smartcontract may determine whether an asset should be sent to a destinationentity or whether it should be returned to an originating entity. Smartcontracts may be coded in a programming language, such as Solidity™ Forexample, a smart contract may be programed to deliver payment when anitem is received. In this format, a contract is converted to computercode, stored and replicated on the system, and supervised by a networkof computers that run the blockchain. Smart contracts can store data.The data stored can be used to record information, fact, associations,balances and any other information needed to implement logic for realworld contracts. In some embodiments, a smart contract is deployed,stored, and executed within the virtual machine.

Composability is a system design principle that deals with theinter-relationships of components. For example, a highly composablesystem provides components that can be selected and assembled in variouscombinations to satisfy specific user requirements. In the context ofblockchain and smart contracts, composability includes the ability tochain together operations involving multiple independent smartcontracts. A recent example of composability is dY/dX, which is adecentralized protocol for financial derivatives built on the Ethereumblockchain. dY/dX allows for decentralized margin trading by enablingcollateralized loans. A typical dY/dX transaction combines at leastthree separate smart contracts: The core dY/dX contract itself, adecentralized exchange like 0x, and at least one Ethereum Request forComment (ERC)-20 token such as DAI.

Sharding is a concept that's widely used in databases, to make them morescalable. More recently, sharding has been employed for blockchain toimprove transaction speed in the blockchain. Generally, “sharding” referto a variety of scaling proposals that divide the network into a seriesof subunits which interact asynchronously. In a database context, forexample, sharding is a method for horizontally partitioning data withina database. More generally, the database is broken into little piecescalled “shards”, that when aggregated together form the originaldatabase. In distributed blockchain networks, the network consists of aseries of nodes connected in a peer to peer format, with no centralauthority. In some examples, of blockchain systems, each node stores allstates of the network and processes all of the transactions. While thisprovides the high level security through decentralization, especially inPoW systems such as Bitcoin and Ethereum®, it leads to legitimatescaling problems. For example, a full node in the Ethereum networkstores the entire state of the blockchain, including account balances,storage, and contract code. Unfortunately as the number of participantsincreases linearly, the inter-communication overhead between themincreases at an exponential pace. This limitation is due to thecommunication needed between the nodes needed to reach consensus. Nodesin the network do not have special privileges and every node in thenetwork stores and processes every transaction. As a result, in anetwork the size of Ethereum's, issues such as high gas costs and longertransaction confirmation times become noticeable problems when thenetwork is strained. The network is only as fast as the individual nodesrather than the sum of its parts. As such, sharding helps to alleviatethese issues. The concept involves grouping subsets of nodes into shardsthat in turn process transactions specific to that shard. Employment ofthis type of architecture allows a system to process many transactionsin parallel.

A consensus algorithm or protocol is a set of rules that describe howthe communication and transmission of data between electronic devices,such as nodes, works. Consensus is achieved when enough devices are inagreement about what is true and what should be recorded onto ablockchain. Therefore, consensus protocols are the governing rules thatallow devices that are scattered across the world to factually come toan agreement, allowing a blockchain network to function without beingcorrupted.

A BFT consensus algorithm, in context of distributed systems, includesthe ability of a distributed computer network, such as the peer to peernetwork of nodes in the described decentralized computation system, tofunction as desired and correctly reach a sufficient consensus despitemalicious components (nodes) of the system failing or propagatingincorrect information to other peers. The objective is to defend againstcatastrophic system failures by mitigating the influence these maliciousnodes have on the correct function of the network and the rightconsensus that is reached by the honest nodes in the system.

In some embodiments, to slash a network participant is to punish themfor failing to follow the rules set out for the network. Punishment maybe in the form of a fine applied to funds they have put in escrow, orstaked.

System Overview

As described above, in some embodiments, the described decentralizedcomputation system divides nodes in the network into three distinctroles: Access, Security, and Execution. This separation of concernsenables high throughput without sacrificing synchrony, in an environmentthat maintains the access, security, reliability, and verifiabilityguarantees that characterize and uphold the integrity of a decentralizedsystem. In some embodiments, the core relationship between the differentnode types is one of checks and balances, which ensures strong consensuson transaction inclusion, order, and output, and determines thecanonical state of history. One of the challenges of this approach iscoordinating three separate groups of nodes and ensuring efficientinteractions between them.

In some embodiments, the described decentralized computation systemprovides the transaction capacity and computational throughput tosupport a thriving and engaging ecosystem that may be made available tomass market audiences (e.g., billions of active users). Just how farcurrent networks are from achieving this goal became apparent with thelaunch of CryptoKitties®. With fewer than thirty thousand active users,CryptoKitties disrupted the Ethereum network resulting in week-longtransaction processing times for some users. The technology had missed,by many orders of magnitude, the capacity to survive broad adoption. Insome embodiments, the described decentralized computation system handlesas many as one million tps at maturity.

The described decentralized computation system does not sacrificepractical utility. In particular, in some embodiments, the systempreserves fully synchronous communication between smart contracts. Fullsynchrony ensures that inter-contract communications retain ACIDguarantees for correctness (Atomicity, Consistency, Isolation,Durability), without complex locking schemes prone to error orexploitation. In short, synchrony is required for one smart contract tobe sure that another smart contract is executed correctly, and to allowindependent smart contracts to be composed into complex systems withoutsacrificing safety.

Long-term, sustained decentralization is one aspect provided by thedescribed decentralized computation system. Many blockchain enabledsystems treat decentralization as optional or cosmetic, rather than acore value of the system. While this may result in some quick wins inthe short term, those systems are likely to degrade over time. Moreover,without explicit incentives otherwise, valuable systems with any degreeof centralization tend towards further centralization. The qualities ofdecentralization provided by the described decentralized computationsystem include: access, security, reliability, and verifiability.

In some embodiments, the described decentralized computation systemprovides access through the ability to use the system resources of thenetwork at a fixed cost (provided a user is able to pay for theirusage). Such access provides that there is no actor, or plausible cabalof actors, that can deny any class of users from using the network, orwho can prioritize some traffic over others.

In some embodiments, the described decentralized computation systemmaintains security by ensuring that each honest participant in thenetwork has the same view of history as every other honest participant,and that this historical record cannot be modified after-the-fact.

Reliability includes the assurance that the rules of the system areapplied uniformly, strictly enforced, and can change only inpredictable, transparent ways. In some embodiments, the describeddecentralized computation system provides reliability by ensuring thatthere is no actor, or plausible cabal of actors, that can change theserules in a way without allowing users of the system to opt-out of thosechanges (through a hard fork, for example).

In some embodiments, the described decentralized computation system isverifiable in that it allows for transparency of all actions. As such,anyone can confirm, using, for example, computer resources under theirown control, that the protocol (and the rules defined within theprotocol) has been followed correctly. This implicitly includes theability to see all on-chain activity.

The described decentralized computation system guarantee of access,security, reliability, and verifiability, captures a much broader set ofbenefits from a decentralized environment. For example, guaranteeingaccess ensures anyone can join the network and easily understand therules to which the network is bound. Moreover, a secure network enactsthose rules without fail. This combination produces an environment inwhich users can reason about the system and, with a known set of inputs,reliably predict and ultimately verify an outcome. Together, theserequirements provide the robust criteria needed to achieve fulldecentralization and the associated benefits of transparency, autonomy,interoperability, and immutability.

FIGURES

FIG. 1 depicts an example environment 100 that can be employed toexecute implementations of the present disclosure. The example system100 includes computing devices 102, 104, 106, 108, and a network 110,which may be used to form a peer-to-peer network. In some embodiments,the network 110 includes a local area network (LAN), wide area network(WAN), the Internet, or a combination thereof, and connects devices(e.g., the computing devices 102, 104, 106, 108). In some embodiments,the network 110 can be accessed over a wired and/or a wirelesscommunications link. For example, mobile computing devices (e.g., thesmartphone device 102 and the tablet device 104), can use a cellularnetwork to access the network 110. In some examples, the users 122-128may be working as user agents that employ agent software to interactwith the decentralized computation system. For example, the users mayemploy their respective devices 102-108 to provide transaction or tofunction as nodes in the described system. In other examples, the users122-128.

The computing devices 102, 104, 106 may each include any appropriatetype of computing device such as a desktop computer, a laptop computer,a handheld computer, a tablet computer, a personal digital assistant(PDA), a cellular telephone, a network appliance, a camera, a smartphone, an enhanced general packet radio service (EGPRS) mobile phone, amedia player, a navigation device, an email device, a game console, oran appropriate combination of any two or more of these devices or otherdata processing devices. In the depicted example, the computing device102 is a smartphone, the computing device 104 is a tablet-computingdevice, and the computing device 106 is a desktop computing device.

The server computing device 108 may include any appropriate type ofcomputing device, such as described above for computing devices 102-106as well as computing devices with server-class hardware. In someembodiments, the server computing device 108 may include computersystems using clustered computers and components to act as a single poolof seamless resources. For example, such implementations may be used indata center, and cloud computing. In some embodiments, back-end system130 is deployed using a virtual machine(s).

Four devices 102-108 are depicted in FIG. 1 for simplicity. It iscontemplated, however, that implementations of the present disclosurecan be realized with any of the appropriate computing devices, such asthose mentioned previously. Moreover, implementations of the presentdisclosure can employ any number of devices functioning as nodes in apeer-to-peer network.

In some embodiments, the computing devices 102-108 are deployed as nodeswithin the described decentralized computation system and form apeer-to-peer network. For example, the computing devices 102-108 may beemployed within the described decentralized computation as an accessnode, a security node, or an execution node, within the formedpeer-to-peer network (see FIG. 2). In some embodiments, the formedpeer-to-peer network is a distributed network where each network node(e.g., computing devices 102-108) is connected to every other node onthe network directly or indirectly. As such, information (e.g.,transactions) can be shared directly between nodes without the need of acentral server. In some embodiments, the nodes employ a peer-to-peerprotocol to communicate.

In some embodiments, the blockchain 150 is a decentralized blockchainthat may be stored on each of the computing devices 102-108. In someembodiments, a set of the computing devices stored the blockchain 150.The blockchain 150 includes blocks that comprise transactions. In someembodiments, such transactions are received, verified and executed bythe described decentralized computation system. In some embodiments, thetransactions stored to the blockchain 150 include smart contracts. Insome embodiments, a smart contract may be extended with customfunctionality and invoked as a part of a transaction by an executionnode within the formed peer-to-peer network (see FIG. 2) For example,the computing devices 102-108 may be used by respective users 122-126 toreceive transactions to be processed and stored within a block on theblockchain 150. In some embodiments, the computing devices 102-108employ a virtual machine as an execution runtime to execute smartcontract code. For example, such mechanism allows transitions from onestate to another: given a certain block (in which a number oftransactions are stored), and given a state s, performing thecomputation will bring the machine into a new state s′. In someembodiments, the state transition mechanism consists of accessingtransaction-related accounts, computing operations, and updating/writingthe state of the virtual machine. Whatever is executed on the virtualmachine (e.g., smart contract code) will alter its state. In someembodiments, after executing all the transactions of a block, thecurrent state will be stored. See the description of FIG. 2 below withregard to the differentiation of nodes and each's function within theformed peer-to-peer network.

FIG. 2 depicts an example of a general architecture 200 for thedescribed decentralized computation system, which can be deployedthrough, for example, the example environment 100 of FIG. 1. The generalarchitecture 200 includes a client 202, access nodes 210, security nodes220, and execution nodes 230, which may be deployed through a device,such as devices 102-108 of FIG. 1. In some embodiments, the access nodes210 maintain network availability for the client 202 and answer queriesrelated to the world state. In some embodiments, the security nodes 220ensure the safety of the network by participating in a BFT consensusalgorithm, which provides strong guarantees for blocks. In someembodiments, the execution nodes process the blocks (finalized blocks225) once received from the security nodes 220. In some embodiments, theexecution nodes function as the nodes with the most specializedrequirements, provide the computational power to determine the result oftransactions, such as transaction 205, finalized by the security nodes220, and store a resultant world state. A more detailed explanation ofthese roles is provided below.

In some embodiments, the described decentralized computation systememploys a decentralized blockchain, such as the blockchain 150 ofFIG. 1. In some embodiments, the job of a decentralized blockchain canbe divided into a variety of component functions; some of thosefunctions are fully deterministic and have an objectively correctoutput, and some of those tasks are subjective and require network-levelconsensus. The distinction between these two kinds of functions is whatmakes the separation of concerns so powerful. One of the breakthroughsof blockchain is that it allowed for the creation of an autonomous,leaderless, and decentralized system to reliably come to networkconsensus on something that is naturally subjective: what transactionsare included in the shared state, and in what order (the “transactionlog”). In some embodiments, such a subjective task either requires anall-powerful central authority to dictate the transaction log, or one ofthe many consensus systems that allow a decentralized network todetermine a shared view of a canonical transaction log. Two other keytasks of a blockchain are not subjective, and are fully deterministic:storing the transaction log, and determining the world state thatresults from a correct application of the contents of the log inconsensus order. The primary bottlenecks preventing blockchains fromreaching consumer scale fall into this second category.

In some embodiments, the described decentralized computation system isdesigned so that all Byzantine faults in deterministic processes havefour important attributes: detectability, attributably, punishably, andcorrectability. In some embodiments, a deterministic process has anobjectively correct output. Meaning even a single, honest node in thenetwork can detect deterministic faults, and prove the error to allother honest nodes by asking them to recreate part of the process thatwas executed incorrectly. Moreover, in some embodiments, thedeterministic processes in the described decentralized computationsystem are assigned to nodes using a VRF. As such, any error that hasbeen detected can be clearly attributed to those nodes that wereresponsible for that process. In some embodiments, all nodesparticipating in the described decentralized computation system, even indeterministic processes, must put up a stake that can be slashed if theyare found to have exhibited Byzantine behavior. Since all errors indeterministic processes are trivially detectable and attributable, thoseerrors can be reliably punished via slashing. In some embodiments, thedescribed system must have a means to quickly undo errors as soon asthey are detected. This serves to deter malicious actors from inducingerrors that benefit them more than the slashing penalty.

The design of the described system was informed by the insight that manyparticipants are needed to support the non-deterministic parts of theprocess, while far fewer are needed for deterministic processes becausetheir properties dictate definitive detection, and, therefore, thepunishment of those who do not adhere to the protocol. Therefore, thedescribed system separates out deterministic processes (as depicted inFIG. 2) and assigns them to fewer, more powerful participants who arescrutinized by a broad audience. Fewer nodes make the deterministicelements of the network much more efficient, especially for executingcomputation. For example, one proof of concept shows that this approachcan achieve more than 100,000 tps, without any degradation of securityguarantees. The proof of concept for performance in a testbed setup as aheterogeneous network of more than 30 nodes running in 11 different datacenters on five continents. This is just one example of the improvementspossible when problems are separated into their deterministic andnondeterministic parts, and assigned accordingly.

In some embodiments, the access nodes 210 mediate information exchangewith the world outside the described decentralized computation system,ensuring systematic and timely communications regarding both state andhistory. In some embodiments, the access nodes 210 are tasked withmanaging the transaction pool and collecting well-formed transactions,such as transaction 205 from the client 202, to provide to the securitynodes 220. In some embodiments, a well-formed transaction must includecredentials from a guarantor of the transaction. In some embodiments,when an access node 210 sees a well-formed transaction, it hashes thetext of that transaction and signs the transaction to indicate twothings: first, that it is well-formed, and second, that it will committo storing the transaction text until the execution nodes 230 havefinished processing it. In some embodiments, when a critical number ofaccess nodes 210 have reviewed the transaction and concluded it iswell-formed, they pass it to the security nodes 220 for review.

In some embodiments, after both the security nodes 220 and the executionnodes 230 have built and processed a block, the access nodes 210 maketheir second appearance in the process to query the execution nodes 230for their output (e.g., the results of computations). In someembodiments, the access nodes 210 store a cache of that output receivedfrom the execution nodes 230. In some embodiments, the access nodes 210provide the client 202 with the cached results (e.g., the state response245) of computations without having to burden the execution nodes 230with more direct queries. In some embodiments, a VRF determines whichoutputs from the execution nodes 230 that the access nodes 210 mustquery to check they were computed correctly. Ultimately, the accessnodes 210 keep the execution nodes 230 “honest”; this balance of powermaintains the access, security, and verifiability criteria ofdecentralization provided by the described system. The providedprotocols and underlying structures of the system are highly BFTbecause, in some embodiments even if there are a substantial number ofbyzantine errors in the pool of access node 210, the security nodes 220are still required to approve the transactions they signed were reviewedby a critical amount of the network.

In some embodiments, the access nodes 210 require high levels ofbandwidth and low latency to communicate with the public as theirqueries and transactions must be answered and captured, respectively. Insome embodiments, the access nodes 210 (e.g., the users 122-128 ofFIG. 1) are paid a flat fee for every transaction they guarantee, andfor each they successfully verify. In some embodiments, the access nodes210 are slashed if they provide collections that are ill-formed, or ifthey fail to store the transaction text they said they would hold.

In some embodiments, the security nodes 220 participate in the consensusalgorithm employed by the described system to achieve block finality toensure the integrity of the blockchain. In this context, finalityincludes a finalized block 225 of transactions that have been signed bya critical majority and are confirmed to be both well-formed and storedby the access nodes 210. In some embodiments, the security nodes 220contribute primarily to security and scale, as they are able to votequickly on candidate blocks 215 that set the order necessary to know thedeterministic output of a transaction. In some embodiments, the securitynodes 220 validate that the signed transaction hashes submitted to themby the access nodes 210 are signed by a critical mass of access nodes asrequired by the described system. In some embodiments, the critical massof access nodes is determined by a configurable threshold value.

In some embodiments, once the security nodes 220 have successfully cometo consensus that the transactions presented were signed by the criticalnumber of the access nodes 210, the transactions are deemed a finalizedblock 225. The security of the process within the described systemrelies on the security of the underlying consensus algorithm, the keyconsiderations of which are speed and the ability to support a largenumber of participants. In some embodiments, the consensus algorithmemployed by the described decentralized computation system includes avariant of Casper CBC, Tendermint-derived SBFT, Hot Stuff, Fantomette,or others well suited to support many participants. In some embodiments,the finalized block determines the order of the included transactions.In some embodiments, the ordering of transactions is based on the orderof collections, and of ordering of the transactions within collections.In some embodiments, the ordering of these elements in turn is via apseudo-random algorithm executed by the proposing node.

In some embodiments, the security nodes 220 provide a checkpoint againstthe access nodes 210 because they are the group checking that a criticalnumber of the access nodes 210 reviewed and signed for the transaction.In some embodiments, the security nodes 220 are notably held accountableonly by fellow security nodes 220. A common concern with PoW- andPoS-based systems is that a small subset of the population can controlimportant resources, such as the mining or stake needed to produce andvote on blocks, which is a degradation of the security of the system. Insome embodiments, by lowering the requirements to participate, thedescribed decentralized computation system makes it extremely difficultand expensive to, for example, coordinate a Byzantine cartel.

In some embodiments, the security nodes 220 have minimal bandwidth andcomputation requirements, allowing even a modest computing device, suchas a smartphone or a low-power ARM® system, to participate in the votingprocess and ensure the safety of the network. Many networks claim openparticipation although substantial resources—stake, computation, orotherwise—are needed to partake. Maintaining such a threshold underminesthe security of the network. Lowering the participation requirements,such as described above for the security nodes 220, preserves thecoordination problem, which is central to providing a high degree of BFTbecause it's exceedingly difficult for a subset of bad actors to subvertthe network. In some embodiments, the security nodes 220 are paid forall the transaction they include in a block. In some embodiments,participating in the consensus process requires these nodes to put upstake, which is slashed if they sign an invalid block. In someembodiments, an invalid block fails to have the critical number ofsignatures from the access nodes 210.

In some embodiments, the execution nodes 230 compute the outputs of thefinalized blocks 225 they are provided. In some embodiments, theexecution nodes 230 execute a candidate block 215 that has beenfinalized and provided by the security nodes 220 (finalized block 225).In some embodiments, the execution nodes 230 query the access nodes 210for the transaction text that matches the hash they have been providedby the security nodes 220. With this data, the execution nodes 230 areable to compute the output, which, in some embodiments, is laterrandomly queried by a by a randomly assigned subset of access nodes 210to ensure honesty. In some embodiments, the execution nodes 230 areprimarily responsible for the describe system's improvements in scaleand efficiency because only a very small number of these powerfulcomputer resources are required to compute and store the historicalstate.

In some embodiments, one of the execution nodes 230 presents a hashedcommitment once it has computed the output of the finalized block 225 ora subset of the transactions within the finalized block 225. In someembodiments, this output is only revealed once its co-executors, (e.g.,other execution nodes 230 as determined by, for example, a VRF), havealso submitted their outputs. This is important to ensure nodes are notspoofing each other's work. In some embodiments, once the executionnodes 230 have submitted their answers, the output is revealed. In someembodiments, once revealed, the output is subject to random queries andchecks run by the access nodes 210. In some embodiments, the executionnodes 230 have relatively low BFT. However, this does not compromise theoverall security of the system because the process they perform isdeterministic. For example, any bad actor will easily be detected andpunished by the access nodes 210.

In some embodiments, this relatively small group of nodes (the executionnodes 230) has the most substantial technical requirements for processorspeed and bandwidth because they are tasked with all the computationsnecessary to determine the output of the network. In some embodiments,allowing for this degree of specialization can reduce computation costsby at least one thousand times, and possibly much more, when compared toEthereum.

In some embodiments, although the execution nodes 230 are responsiblefor computing and storing the entire world state of the blockchain, theexecution nodes 230 are not required to answer all external queriesabout that state. In some embodiments, the execution nodes 230 mustanswer the access nodes 210 at least once during the verification periodto confirm their output. In some embodiments, this query provides theaccess nodes 210 the answer (e.g., the state response 245) for futurequeries from the client 202, such as described above, which spares theexecution nodes 230 of those excess queries burdening them in thefuture. However, in some embodiments, the execution nodes 230 can bepunished (e.g., slashed) if they fail to provide answers about theiroutput to the access nodes 210 when prompted. In some embodiments, theexecution nodes 230 are paid for their work at the end of theverification period, once their outputs have been verified. In someembodiments, the costs charged by the execution nodes 230 varies bycomputation, and is likely to be based on the number of instructions thecomputation required.

In some embodiments, the common thread between these different nodetypes (access 210, security 220, and execution 230) is theirrelationship to, and authority over, the state held by the network. Forexample, in some embodiments, the entirety of the world state is held byeach and every execution node 230 in order to perform computations. Insome embodiments, once the execution nodes 230 have run the computationsand determined the output, they update the world state after which it isvalidated by the access nodes 210. In some embodiments, the executionnodes 230 must provide a Merkle proof for the output state in question.This complexity allowed for the validation of the integrity of theoutputs.

In some embodiments, the access nodes 210 cache the most recentlyupdated or accessed data in a sharded fashion (the cached state 240),with each access node 210 holding a fraction of the overall canonicalstate 235. This cached state 240 ensures data is easily accessible toanswer user queries (e.g., provide the answer state 245 to the clients202) in the event the execution nodes 230 are busy and cannot answer.This ability to provide answers more quickly ensures access and theverifiability of the network for the public. In some embodiments, theaccess nodes 210 are also responsible for holding transaction data untila transaction is processed and the result verified by the executionnodes 230. In some embodiments, once processed, the transaction itselfbecomes part of the canonical state 245 and the access nodes 210 are nolonger required to store the cached state 240 (e.g., the transactiontext).

In some embodiments, when a transaction is generated (e.g., by one ofthe client devices 202) it includes: explicit code to be run and/orexplicit data (e.g., a smart contract), and credentials from the accountpaying for the transaction, which can be different from the user accountgenerating the transaction or the data holder. In some embodiments, thistransaction is submitted to the network, where it is processed by theaccess nodes 210 to, for example, check the credentials. In someembodiments, the access nodes 210 sign the transaction to commit toholding that transaction until the execution nodes 230 have processed itand their output has been verified. In some embodiments, once a criticalmass of the access nodes 210 have signed the transaction, it is passedto the security nodes 220 to verify two things: 1) that a critical massof access nodes 210 have seen the transaction, agreed to store it, andconfirmed it is well formed, and 2) that the security nodes 220 willnever confirm another block at that height, unless they are providedwith proof that what they previously published was invalid.

In some embodiments, the security nodes 220 follow a BFT consensusalgorithm to agree on the finalized block 225. In some embodiments, oncea candidate block 205 is finalized by the security nodes 220, thefinalized block 225 is passed to the execution nodes 230 forcomputation. In some embodiments, a VRF is employed to determine asubset of the execution nodes 230 that are responsible for computingeach finalized block 225. In some embodiments, once an execution node230 has computed the output, the execution node 230 produces a hashedcommitment of the result. In some embodiments, when all of the selectednodes (e.g., the execution nodes in the determined subset) havesubmitted their commitments, they reveal the unencrypted result output.In some embodiments, when this output is shown to be the same from allof the participating execution nodes 230, each of the access nodes 210uses a VRF to select a small number of transactions to be verified. Insome embodiments, once the answer is provided to the access nodes 210they cache it to answer future queries from the client 202. For example,when a user wants to retrieve a state from the system, they pose a query(e.g., through the client 202) to an access nodes 210. For example, thequery may be in a form such as “what is the contents of this register atthis block height?” In some embodiments, the access nodes 210 willeither fulfill the query through the cached state they hold, or theywill query the execution nodes 230 for the output.

In some embodiments, a transaction, and the respective block that it isinclude within, will be considered canonized only after a verificationperiod is over. In some embodiments, during the verification period, forexample, the results are open to both the access nodes 210 and thepublic to submit proofs of an incorrect output. In some embodiments, averification period may be up to a few hours long.

In some embodiments, by dividing the architecture of the describeddecentralized computation system as described above, three key benefitsare achieved: synchrony, efficiency, and scale. For example, developingin a decentralized environment comes with many uncertainties fordevelopers, not the least of which is reading from data that changesbefore they can write to it. With this in mind, strong serializabilityguarantees, an outcome equivalent to a sequential schedule withoutoverlapping transactions, are one of the most important things adecentralized development environment, such as an environment providedby the described decentralized computation system can offer. Bycommitting to the order of transactions, transactions can appear to havebeen executed in an absolute order so that a developer can reason aboutthe system, even if some were executed in parallel to improvethroughput. Some systems resort to locking mechanisms to preserveserializability, especially when transactions move between shards. Insome embodiments, the described decentralized computation systemprotocol's agreement on order before Execution Nodes determine output,however, ensures that once a transaction is ordered, there is certaintyabout its outcome.

In some embodiments, to efficiently employ resources, the describeddecentralized computation system comprises a PoS-based system and isdesigned to eliminate as many redundant tasks as possible. For example,in a classic blockchain implementation, every node is required to reviewevery transaction and store all the states. By dividing deterministicand non-deterministic tasks, and assigning them to resources that canspecialize in their respective execution, the throughput of thedescribed decentralized computation system is immensely improved.

In some embodiments, at an architecture level, the security of thedescribed decentralized computation system provided by 1) the divisionof power and accountability between the three different node types, 2)the high degree of participation supported by the consensus algorithm,and 3) designating the access nodes 210 as the interfaces of thenetwork. These design elements surface differently to address each ofthe common attacks decentralized systems often face. The access andverifiability requirements of the described decentralized computationsystem ensure both the broader network and the public are able to verifythe process and dispute it during the verification period. While theoutput of a computation is deterministic, in some embodiments, once itsorder is set in the finalized block 225, a verification period remainsfor the state to be recomputed in the event that a provable error issubmitted to the network, thus ensuring the opportunity fordetectability. For example, in some embodiments, the access nodes 210sign every transaction to assure a signatory guarantor exists to pay forthe transaction, guaranteeing attribution. In some embodiments, allnodes are staked relative to the value they stand to lose if they areremoved from that part of the network, which assures punishment (e.g.,slashed) if an infraction is committed.

In the blockchain context, censorship resistance means that it is verydifficult for one group to deny another group's access to the network.As such, in some embodiments, a role of the access nodes 210 is toguarantee access and ensure that anyone can audit and submittransactions. In addition to the architecture-level measures put inplace to combat censorship, in some embodiments the security nodes 220only see transaction hashes. Therefore, in such embodiments, for thesecurity nodes 220 to censor a transaction, they would need to know thehash of its signatories, data, and actions. In some embodiments, thesecurity nodes are generally prevented from undermining the describedsystem by the sheer volume of co-participants. Thus, collusion on anyproblem would be extremely difficult to coordinate.

In some embodiments, the security nodes 220 protect against a doublespend attack. For example, in some embodiments, broad participation inthis group materially decreases the risk of a small group colluding tohonor an alternative block at the same height. For example, when thispool of nodes is presented with a group of transactions, they come toconsensus on both a sufficient number of the access nodes 210 signingthe group, and on that group forming the only block they will honor atthat height—both at that moment and in the future. In some embodiments,any other block presented will be rejected by the network, unless afraud proof to reject the block for one at a competing height issuccessfully submitted during the verification period.

In a front running attack, an adversarial node decides it isadvantageous to insert its transaction before another. Such a move couldbe as simple as placing a higher bid in front of a competing bid, or asdevious as strategically inserting a transaction to falsely manipulateits output. To combat this, in some embodiments, the execution nodes 230perform a VRF to compute the order of the transactions. This ensures theorder of the transactions is neither knowable nor able to be dictated byanyone until after the transaction has already been deterministicallyordered.

In some embodiments, the access nodes 210 and the security nodes 220each have a say in the transactions included in a block. In suchembodiments, when either group is able to set the order of transactionsbeforehand, it presents an opportunity for them to exploit that orderand prioritize their own transactions. By requiring the execution nodesto execute a VRF to reveal the canonical order of the transactions (thecanonical state 235) in some embodiments, there is no way for nodes tomanipulate the sequence. In some embodiments, parameters used todetermine the VRF will be deterministic and dependent on an output fromthe security nodes 220.

Resistance to a potential flurry of fake accounts and activities is onecritical aspect to maintaining the throughput of the network as suchmalicious transactions can cause immense strain on the nodes. In someembodiments, as the interface of the network, the access nodes are awareof the balance of each of the accounts signing a transaction. In someembodiments, a user who pays for transactions must also hold a minimumbalance to submit a transaction to insure against spam.

In some embodiments, the first process performed by the access nodes 210is to determine the list of transactions that should be submitted to thesecurity nodes 220 for inclusion in a block, and the order in which theyshould occur. This process is a “pure consensus problem” where there aremany possible answers to this problem, each of which is equally “right.”However, the network must agree on a single answer because differentchoices would lead to different canonical state. Once the ordered listof transactions has been agreed upon, however, there is a single,objectively-correct answer as to what canonical state will result fromprocessing those transactions. For example, any node that processes thattransaction list without errors will, by definition, end up with exactlythe same canonical state as any other node that correctly processes thatsame transaction list. Note: blockchain computations must be fullydeterministic, to allow them to be verified by other nodes. Thus, thereare two very different problems, with two very different performanceprofiles. First, the ordering process is a pure consensus problem thatcan be solved by a variety of BFT consensus algorithms. In someembodiments, such a process requires a lot communication betweenconsensus nodes, but is not computationally complex. Network securitycomes directly from this process as the more nodes that are involved inthis process, the harder it is to subvert the chain. Second, in someembodiments, the computation process requires very powerful nodes whenthe network is busy, but it does not need a large number of them asanyone can objectively “check the work” of a compute node and prove anerror if it occurs. In some embodiments, when a node presents an invalidoutput, it loses some or all of its stake and the incorrectly processedcomputations can be re-run with honest nodes. The result of the aboveprocess, in some embodiments, is a single, unsharded network that isable to achieve maximum throughput without any degradation of securitydue to centralization.

FIGS. 3A and 3B depict a flowchart of an example process 300. FIG. 4depicts a flowchart of an example process 400. The example processes 300and 400 can be implemented by the various nodes (as described above inFIG. 2) in the described decentralized computation system. The exampleprocesses 300 and 400 shows in more detail communication as well as theseparation of work between the client 202, the access nodes 210, thesecurity nodes 220, and the execution nodes 230. The flowchartsgenerally show how a transaction is processed, executed, and stored tothe blockchain within the described decentralized computation system.For clarity of presentation, the description that follows generallydescribes the example processes 300 and 400 in the context of FIGS. 1,2, and 5. However, it will be understood that the processes 300 and 400may be performed, for example, by any other suitable system,environment, software, and hardware, or a combination of systems,environments, software, and hardware as appropriate. In someembodiments, various operations of the processes 300 and 400 can be runin parallel, in combination, in loops, or in any order.

In some embodiments of the example processes 300 and 400, the securitynodes 220 comprise more nodes than the access nodes 210 and the accessnodes 210 comprise more nodes than the execution nodes 230. In someembodiments of the example processes 300 and 400, each of the executionnodes 230 has more computational power than each of the access nodes 210and each of the access nodes 210 has more computational power than eachof the security nodes 220.

In some embodiments of the example processes 300 and 400, the executionnodes 230 store an entire canonical state of the blockchain. In someembodiments of the example processes 300 and 400, only the executionnodes 230 store the entire canonical state of the blockchain. In someembodiments of the example processes 300 and 400, the access nodes 210are slashed if they provide a signed hash for a transaction that isill-formed. In some embodiments of the example processes 300 and 400,the access nodes 210 are slashed if they fail to store the transactiontext of the one or more transactions. In some embodiments of the exampleprocesses 300 and 400, the security nodes 220 are slashed if theyfinalize an invalid block 215. In some embodiments of the exampleprocesses 300 and 400, the described decentralized computation systemprovides the decentralized computation for the one or more decentralizedapplications without sharding or dividing a network into two or moresubunits that interact asynchronously. In some embodiments of theexample processes 300 and 400, the described decentralized computationsystem provides the decentralized computation for, more than 10, morethan 100, or more than 1000 decentralized applications. In someembodiments of the example processes 300 and 400, the decentralizedcomputation for the one or more decentralized applications comprisesmore than 1000 tps, more than 50,000 tps, or more than 100,000 tps. Forexample comparisons, alternative blockchains systems process thefollowing number of tps: Bitcoin: 7 tps, Ethereum: 15 tps, Cosmos: 200tps.

For process 300 as depicted in FIGS. 3A and 3B, at 302, the access nodes210 receive a transaction from the client 202. In some embodiments, thetransaction comprises transaction text and credentials. In someembodiments, the credentials are for a guarantor of the one or moretransactions. From 302, the process 300 proceeds to 304.

At 304, the access nodes 210 determine that the transaction iswell-formed. In some embodiments, the access nodes 210 determine thatthe one or more transactions are well-formed by checking the credentialsof the one or more transactions. From 304, the process 300 proceeds to306.

At 306, the access nodes 210 cryptographically sign a hash for thetransaction text based on the determination that the transaction iswell-formed. In some embodiments, the one or more signed hashes indicatethat the transaction is well-formed and that the transaction text willbe persisted until the execution nodes 230 have finished processing thetransaction. From 306, the process 300 proceeds to 308.

At 308, the access nodes 210 provide the signed hash to the securitynodes 220. In some embodiments, the access nodes 210 provide the signedhash to the security nodes 220 when a consensus is reached by the accessnodes that the transaction is well-formed. In some embodiments, theaccess nodes 210 bundle the signed hash into a collection with signedhashes from other received transactions. In some embodiments, the signedhashes are provided to the security nodes for validation as thecollection. From 308, the process 300 proceeds to 310.

At 310, the security nodes 220 generate a candidate block comprising theone or more signed hashes. In some embodiments, the candidate block isgenerated by a group of the security nodes 220, the group determinedaccording to the BFT consensus algorithm. In some embodiments, the groupcomprises a subset of the security nodes. In some embodiments, the groupcomprises all of the security nodes. From 310, the process 300 proceedsto 312.

At 312, the security nodes 220 finalizing the candidate block byperforming a Byzantine fault tolerance (BFT) consensus algorithm tovalidate that a threshold number of access nodes determined that the oneor more transactions were well-formed based on the one or more signedhashes. In some embodiments, the BFT consensus algorithm is a variant ofCBC, Tendermint-derived SBFT, Hot Stuff, or Fantomette. In someembodiments, the finalized block determines an order of transactions.From 312, the process 300 proceeds to 314.

At 314, the security nodes 220 provide the finalized block to theexecution nodes 330. In some embodiments, the security nodes 220 gatherthe collection and other collections, provided by the access nodes togenerate the block. From 314, the process 300 proceeds to 316.

At 316, the execution nodes 230 provide a query determined according tothe block to the access nodes 210. From 316, the process 300 proceeds to318.

At 318, the access nodes 210 provide, to the execution nodes 230, thetransaction text of the transactions based on the provided query. From318, the process 300 proceeds to 320.

At 320, the execution nodes 230 determine an output for the block basedon the transaction text. From 320, the process 300 proceeds to 322.

At 322, the execution nodes 230 present a hashed commitment of theoutput for the block to the other execution nodes 230. In someembodiments, the transaction text is persisted by the access nodes untilthe execution nodes provide the hashed commitment of the output for theblock. In some embodiments, the access nodes 210 receive the hashedcommitment of the output for the block from the execution nodes 230; andprovide a query verifying the output for the block to a set of theexecution nodes 230. In some embodiments, the execution nodes 230provide the output for the block to the access nodes 210 in response toreceiving the query verifying the output for the block From 322, theprocess 300 proceeds to 324.

At 324, the execution nodes 230 reveal the output to the access nodes210 when each of the other execution nodes 230 has presented the outputfor the block. From 324, the process 300 proceeds to 326.

At 326, the access node 210 provides a state response determined basedon the output for the block to the client 202. In some embodiments, theaccess nodes 210 store a cache of the output for the block; and provide,to the client, results of computations for the one or more transactionsbased on the output for the block. From 326, the process 300 ends.

For process 400 as depicted in FIG. 4, at 402, the access nodes 210receive, from the client 202, one or more transactions. In someembodiments, the one or more transactions each comprise transaction textand credentials. In some embodiments, the credentials are for aguarantor of the one or more transactions. From 402, the process 400proceeds to 404.

At 404, the access nodes 210 determine that the one or more transactionsare well-formed. In some embodiments, the access nodes 210cryptographically sign a hash for each of the transaction text based ona determination that the one or more transactions are well-formed andprovide the one or more signed hashes to the security nodes 220 forvalidation. In some embodiments, the access nodes 210 determine that theone or more transactions are well-formed by checking the credentials ofthe one or more transactions. In some embodiments, the one or moresigned hashes of the transaction text of the one or more transactionsindicate that the respective one or more transactions are well-formedand that the respective one or more transaction texts will be persisteduntil the execution nodes have finished processing the one or moretransactions. In some embodiments, the access nodes 210 bundle the oneor more signed hashes into a collection. In some embodiments, the one ormore signed hashes are provided to the security nodes 230 for validationas the collection. In some embodiments, the security nodes 230 gatherthe collection and other collections, provided by the access nodes togenerate the block. In some embodiments, the access nodes 210 providethe one or more signed hashes to the security nodes when a consensus isreached by the access nodes that the one or more transactions arewell-formed. In some embodiments, the access nodes 210 persist thetransaction text for each of the one or more transactions until theexecution nodes present the hashed commitment of the output for thefinalized block. In some embodiments, the access nodes 210 provide thetransaction text for each of the one or more transactions when queriedby the execution nodes. In some embodiments, the access nodes 210receive a hashed commitment of an output for the block, and provide aquery verifying the output for the block to a set of the executionnodes. From 404, the process 400 proceeds to 406.

At 406, the security nodes 220 provide a guarantee for a block through aBFT consensus algorithm employed to finalize the block. In someembodiments, the block comprises the one or more signed hashes. In someembodiments, the security nodes 320 provide the guarantee for the blockby performing the BFT consensus algorithm to: validate a thresholdnumber of access nodes determined that the one or more transactions werewell-formed based on the one or more signed hashes, and finalize theblock. In some embodiments, the block is generated with a group of thesecurity nodes 320 as a candidate block. In some embodiments, the groupdetermined according to the BFT consensus algorithm. In someembodiments, the group comprises a subset of the security nodes. In someembodiments, the group comprises all of the security nodes 320. In someembodiments, the candidate block is generated by gathering, through thegroup of security nodes 320, the collection and other collections,provided by the access nodes 210. In some embodiments, the BFT consensusalgorithm comprises a variant of CBC, Tendermint-derived SBFT, HotStuff, or Fantomette. In some embodiments, the finalized blockdetermines an order of the transactions. From 406, the process 400proceeds to 408.

At 408, the execution nodes 230 determine a result for each of the oneor more transactions once the block is finalized. In some embodiments,execution nodes 230 provide a query determined according to thefinalized block to the access nodes 210 and determine a result for eachof the one or more transactions by receiving, from the access nodes, thetransaction text for each of the one or more transactions based on thequery. From 408, the process 400 proceeds to 410.

At 410, the execution nodes 230 store the canonical state of theblockchain. In some embodiments, execution nodes 230 determine an outputfor the finalized block based on the transaction text for each of theone or more transactions; present a hashed commitment of the output forthe finalized block to the other execution nodes; and reveal the outputfor the finalized block to the access nodes when each of the otherexecution nodes has presented the output for the finalized block. Insome embodiments, execution nodes 230 provide the output for the blockto the access nodes in response to receiving the query verifying theoutput for the block. From 410, the process 400 proceeds to 412.

At 412, the access nodes 210 provide responses to queries related to astate for the blockchain. In some embodiments, the access nodes 210provide a state response to the client, the state response determinedbased on the output for the finalized block. In some embodiments, theaccess nodes 210 store a cache of an output for the block, and provide,to the client, results of computations for the one or more transactionsbased on the output for the block. From 412, the process 400 ends.

Processing Devices and Processors

In some embodiments, the platforms, systems, media, and methodsdescribed herein include a processing devices, processors, or use of thesame. In further embodiments, the processing device includes one or morehardware central processing units (CPUs) or general purpose graphicsprocessing units (GPUs) that carry out the device's functions. In stillfurther embodiments, the processing device further comprises anoperating system configured to perform executable instructions. In someembodiments, the processing device is optionally connected a computernetwork. In further embodiments, the processing device is optionallyconnected to the Internet such that it accesses the World Wide Web. Instill further embodiments, the processing device is optionally connectedto a cloud computing infrastructure. In other embodiments, theprocessing device is optionally connected to an intranet. In otherembodiments, the processing device is optionally connected to a datastorage device.

In accordance with the description herein, suitable processing devicesinclude, by way of non-limiting examples, cloud computing resources,server computers, server clusters, desktop computers, laptop computers,notebook computers, sub-notebook computers, netbook computers, netpadcomputers, handheld computers, mobile smartphones, and tablet computers.

In some embodiments, the processing device includes an operating systemconfigured to perform executable instructions. The operating system is,for example, software, including programs and data, which manages thedevice's hardware and provides services for execution of applications.Those of skill in the art will recognize that suitable server operatingsystems include, by way of non-limiting examples, FreeBSD, OpenBSD,NetBSD®, Linux, Apple® Mac OS X Server®, Oracle® Solaris®, WindowsServer®, and Novell® NetWare®. Those of skill in the art will recognizethat suitable personal computer operating systems include, by way ofnon-limiting examples, Microsoft® Windows®, Apple® Mac OS X®, UNIX®, andUNIX-like operating systems such as GNU/Linux®. In some embodiments, theoperating system is provided by cloud computing. Those of skill in theart will also recognize that suitable mobile smartphone operatingsystems include, by way of non-limiting examples, Nokia® Symbian® OS,Apple® iOS®, Research In Motion® BlackBerry OS®, Google® Android®,Microsoft® Windows Phone® OS, Microsoft® Windows Mobile® OS, Linux®, andPalm® WebOS®.

In some embodiments, the processing device includes a storage and/ormemory device. The storage and/or memory device is one or more physicalapparatuses used to store data or programs on a temporary or permanentbasis. In some embodiments, the device is volatile memory and requirespower to maintain stored information. In some embodiments, the device isnon-volatile memory and retains stored information when the processingdevice is not powered. In further embodiments, the non-volatile memorycomprises flash memory. In some embodiments, the non-volatile memorycomprises dynamic random-access memory (DRAM). In some embodiments, thenon-volatile memory comprises ferroelectric random access memory (FRAM).In some embodiments, the non-volatile memory comprises phase-changerandom access memory (PRAM). In other embodiments, the device is astorage device including, by way of non-limiting examples, CD-ROMs,DVDs, flash memory devices, magnetic disk drives, magnetic tapes drives,optical disk drives, and cloud computing based storage. In furtherembodiments, the storage and/or memory device is a combination ofdevices such as those disclosed herein.

In some embodiments, the processing device includes a display to sendvisual information to a user. In some embodiments, the display is acathode ray tube (CRT). In some embodiments, the display is a liquidcrystal display (LCD). In further embodiments, the display is a thinfilm transistor liquid crystal display (TFT-LCD). In some embodiments,the display is an organic light emitting diode (OLED) display. Invarious further embodiments, on OLED display is a passive-matrix OLED(PMOLED) or active-matrix OLED (AMOLED) display.

In some embodiments, the processing device includes an input device toreceive information from a user. In some embodiments, the input deviceis a keyboard. In some embodiments, the input device is a pointingdevice including, by way of non-limiting examples, a mouse, trackball,track pad, joystick, game controller, or stylus. In some embodiments,the input device is a touch screen or a multi-touch screen. In otherembodiments, the input device is a microphone to capture voice or othersound input. In other embodiments, the input device is a video camera orother sensor to capture motion or visual input. In still furtherembodiments, the input device is a combination of devices such as thosedisclosed herein.

Referring to FIG. 5, in a particular embodiment 500, an exemplaryprocessing device 501 is programmed or otherwise configured to, forexample, dynamically load data provider connector modules and/orrequest, procure, process, analyze, persist and/or provide one or moredata records. In this embodiment, the processing device 501 includes acentral processing unit (CPU, also “processor” and “computer processor”herein) 505, which can be a single core or multi core processor, or aplurality of processors for parallel processing. The processing device101 also includes memory or memory location 510 (e.g., random-accessmemory, read-only memory, flash memory), electronic storage unit 515(e.g., hard disk), communication interface 520 (e.g., network adapter)for communicating with one or more other systems, and peripheral devices525, such as cache, other memory, data storage and/or electronic displayadapters. The memory 510, storage unit 515, interface 520 and peripheraldevices 525 are in communication with the CPU 505 through acommunication bus (solid lines), such as a motherboard. The storage unit515 can be a data storage unit (or data repository) for storing data.The processing device 501 can be operatively coupled to a computernetwork (“network”) 530 with the aid of the communication interface 520.The network 530 can be the Internet, an internet and/or extranet, or anintranet and/or extranet that is in communication with the Internet. Thenetwork 530 in some cases is a telecommunication and/or data network.The network 530 can include one or more computer servers, serverclusters and/or distributed computing resources, providing, for examplecloud computing. The network 530, in some cases with the aid of thedevice 501, can implement a peer-to-peer network, which may enabledevices coupled to the device 501 to behave as a client or a server.

In some embodiments, the CPU 505 can execute a sequence ofmachine-readable instructions, which can be embodied in a program orsoftware. The instructions may be stored in a memory location, such asthe memory 510. The instructions can be directed to the CPU 505, whichcan subsequently program or otherwise configure the CPU 505 to implementmethods of the present disclosure. The CPU 505 can be part of a circuit,such as an integrated circuit. One or more other components of thedevice 501 can be included in the circuit. In some cases, the circuit isan application specific integrated circuit (ASIC) or a fieldprogrammable gate array (FPGA).

In some embodiments, the storage unit 515 can store files, such asdrivers, libraries and saved programs. The storage unit 515 can storeuser data, e.g., user preferences and user programs. The processingdevice 501 in some cases can include one or more additional data storageunits that are external, such as located on a remote server, remoteserver cluster, network attached storage, or the like, that is incommunication through an intranet or the Internet.

In some embodiments, methods as described herein can be implemented byway of machine (e.g., computer processor) executable code stored on anelectronic storage location of the processing device 501, such as, forexample, on the memory 510 or electronic storage unit 515. The machineexecutable or machine readable code can be provided in the form ofsoftware. During use, the code can be executed by the processor 505. Insome cases, the code can be retrieved from the storage unit 515 andstored on the memory 510 for ready access by the processor 505. In somesituations, the electronic storage unit 515 can be precluded, andmachine-executable instructions are stored on memory 510. In someembodiments, the code is pre-compiled. In some embodiments, the code iscompiled during runtime. The code can be supplied in a programminglanguage that can be selected to enable the code to execute in apre-compiled or as-compiled fashion.

In some embodiments, the computing device 510 can include or be incommunication with an electronic display 535. In some embodiments, theelectronic display 535 provides a user interface (UI) 540.

Non-Transitory Computer Readable Storage Medium

In some embodiments, the platforms, systems, media, and methodsdisclosed herein include one or more non-transitory computer readablestorage media encoded with a program including instructions executableby the operating system of an optionally networked processing device. Infurther embodiments, a computer readable storage medium is a tangiblecomponent of a processing device. In still further embodiments, acomputer readable storage medium is optionally removable from aprocessing device. In some embodiments, a computer readable storagemedium includes, by way of non-limiting examples, CD-ROMs, DVDs, flashmemory devices, solid state memory, magnetic disk drives, magnetic tapedrives, optical disk drives, distributed computing systems includingcloud computing systems and services, and the like. In some cases, theprogram and instructions are permanently, substantially permanently,semi-permanently, or non-transitorily encoded on the media.

Computer Program

In some embodiments, the platforms, systems, media, and methodsdisclosed herein include at least one computer program, or use of thesame. A computer program includes a sequence of instructions, executablein the processing device's CPU, written to perform one or more specifiedtasks. Computer readable instructions may be implemented as programmodules, such as functions, objects, Application Programming Interfaces(APIs), data structures, and the like, that perform particular tasks orimplement particular abstract data types. In light of the disclosureprovided herein, those of skill in the art will recognize that acomputer program may be written in various versions of variouslanguages.

The functionality of the computer readable instructions may be combinedor distributed as desired in various environments. In some embodiments,a computer program comprises one sequence of instructions. In someembodiments, a computer program comprises a plurality of sequences ofinstructions. In some embodiments, a computer program is provided fromone location. In other embodiments, a computer program is provided froma plurality of locations. In various embodiments, a computer programincludes one or more software modules. In various embodiments, acomputer program includes, in part or in whole, one or more webapplications, one or more mobile applications, one or more standaloneapplications, one or more web browser plug-ins, extensions, add-ins, oradd-ons, or combinations thereof.

Web Application

In some embodiments, a computer program includes a web application. Inlight of the disclosure provided herein, those of skill in the art willrecognize that a web application, in various embodiments, utilizes oneor more software frameworks and one or more database systems. In someembodiments, a web application is created upon a software framework suchas Microsoft®.NET or Ruby on Rails (RoR). In some embodiments, a webapplication utilizes one or more database systems including, by way ofnon-limiting examples, relational, non-relational, object oriented,associative, and XML database systems. In further embodiments, suitablerelational database systems include, by way of non-limiting examples,Microsoft® SQL Server, mySQL™, and Oracle®. Those of skill in the artwill also recognize that a web application, in various embodiments, iswritten in one or more versions of one or more languages. A webapplication may be written in one or more markup languages, presentationdefinition languages, client-side scripting languages, server-sidecoding languages, database query languages, or combinations thereof. Insome embodiments, a web application is written to some extent in amarkup language such as Hypertext Markup Language (HTML), ExtensibleHypertext Markup Language (XHTML), or eXtensible Markup Language (XML).In some embodiments, a web application is written to some extent in apresentation definition language such as Cascading Style Sheets (CSS).In some embodiments, a web application is written to some extent in aclient-side scripting language such as Asynchronous JavaScript and XML(AJAX), Flash® ActionScript, Javascript, or Silverlight®. In someembodiments, a web application is written to some extent in aserver-side coding language such as Active Server Pages (ASP),ColdFusion®, Perl, Java™, JavaServer Pages (JSP), Hypertext Preprocessor(PHP), Python™, Ruby, Tcl, Smalltalk, WebDNA®, or Groovy. In someembodiments, a web application is written to some extent in a databasequery language such as Structured Query Language (SQL). In someembodiments, a web application integrates enterprise server productssuch as IBM® Lotus Domino®. In some embodiments, a web applicationincludes a media player element. In various further embodiments, a mediaplayer element utilizes one or more of many suitable multimediatechnologies including, by way of non-limiting examples, Adobe® Flash®,HTML 5, Apple® QuickTime®, Microsoft® Silverlight®, Java™, and Unity®.

Mobile Application

In some embodiments, a computer program includes a mobile applicationprovided to a mobile processing device. In some embodiments, the mobileapplication is provided to a mobile processing device at the time it ismanufactured. In other embodiments, the mobile application is providedto a mobile processing device via the computer network described herein.

In view of the disclosure provided herein, a mobile application iscreated by techniques known to those of skill in the art using hardware,languages, and development environments known to the art. Those of skillin the art will recognize that mobile applications are written inseveral languages. Suitable programming languages include, by way ofnon-limiting examples, C, C++, C#, Objective-C, Java™, Javascript,Pascal, Object Pascal, Python™, Ruby, VB.NET, WML, and XHTML/HTML withor without CSS, or combinations thereof.

Suitable mobile application development environments are available fromseveral sources. Commercially available development environmentsinclude, by way of non-limiting examples, AirplaySDK, alcheMo,Appcelerator®, Celsius, Bedrock, Flash Lite, .NET Compact Framework,Rhomobile, and WorkLight Mobile Platform. Other development environmentsare available without cost including, by way of non-limiting examples,Lazarus, MobiFlex, MoSync, and Phonegap. Also, mobile devicemanufacturers distribute software developer kits including, by way ofnon-limiting examples, iPhone and iPad (iOS) SDK, Android™ SDK,BlackBerry® SDK, BREW SDK, Palm® OS SDK, Symbian SDK, webOS SDK, andWindows® Mobile SDK.

Those of skill in the art will recognize that several commercial forumsare available for distribution of mobile applications including, by wayof non-limiting examples, Apple® App Store, Google® Play, ChromeWebStore, BlackBerry® App World, App Store for Palm devices, App Catalogfor webOS, Windows® Marketplace for Mobile, Ovi Store for Nokia®devices, Samsung® Apps, and Nintendo® DSi Shop.

Software Modules

In some embodiments, the platforms, systems, media, and methodsdisclosed herein include software, server, and/or database modules, oruse of the same. In view of the disclosure provided herein, softwaremodules are created by techniques known to those of skill in the artusing machines, software, and languages known to the art. The softwaremodules disclosed herein are implemented in a multitude of ways. Invarious embodiments, a software module comprises a file, a section ofcode, a programming object, a programming structure, or combinationsthereof. In further various embodiments, a software module comprises aplurality of files, a plurality of sections of code, a plurality ofprogramming objects, a plurality of programming structures, orcombinations thereof. In various embodiments, the one or more softwaremodules comprise, by way of non-limiting examples, a web application, amobile application, and a standalone application. In some embodiments,software modules are in one computer program or application. In otherembodiments, software modules are in more than one computer program orapplication. In some embodiments, software modules are hosted on onemachine. In other embodiments, software modules are hosted on more thanone machine. In further embodiments, software modules are hosted oncloud computing platforms. In some embodiments, software modules arehosted on one or more machines in one location. In other embodiments,software modules are hosted on one or more machines in more than onelocation.

Databases

In some embodiments, the platforms, systems, media, and methodsdisclosed herein include one or more databases, or use of the same. Inview of the disclosure provided herein, those of skill in the art willrecognize that many databases are suitable for storage and retrieval ofdata records. In various embodiments, suitable databases include, by wayof non-limiting examples, relational databases, non-relationaldatabases, object oriented databases, object databases,entity-relationship model databases, associative databases, and XMLdatabases. Further non-limiting examples include SQL, PostgreSQL, MySQL,MongoDB, Oracle, DB2, and Sybase. In some embodiments, a database isweb-based. In still further embodiments, a database is cloudcomputing-based. In other embodiments, a database is based on one ormore local computer storage devices.

What is claimed is:
 1. A decentralized computation system for providingsecure and scalable decentralized computation for one or moredecentralized applications, the system comprising: a blockchain; and aplurality of nodes comprising a plurality of each of three specializednode types, the specialized node types comprising access nodes, securitynodes, and execution nodes; the access nodes configured to perform atleast: a) receiving one or more transactions from at least one client,the one or more transactions each comprising transaction text andcredentials; b) cryptographically signing a hash for each of thetransaction text of the one or more transactions based on adetermination that the one or more transactions are well-formed; c)providing the one or more signed hashes to the security nodes forvalidation; and d) providing a state response to the at least oneclient, the state response determined based on an output for a finalizedblock; the security nodes configured to perform at least: a) generatinga candidate block comprising the one or more signed hashes; b)finalizing the candidate block by performing a Byzantine fault tolerance(BFT) consensus algorithm to validate that a threshold number of accessnodes determined that the one or more transactions were well-formedbased on the one or more signed hashes; and c) providing the finalizedblock to the execution nodes; and the execution nodes configured toperform at least: a) receiving, from the access nodes, the transactiontext for each of the one or more transactions based on a query providedto the access nodes, the query determined according to the finalizedblock; b) presenting a hashed commitment of the output for the finalizedblock to other execution nodes, the output for the finalized blockdetermined based on the transaction text for each of the one or moretransactions; and c) revealing the output to the access nodes when eachof the other execution nodes has presented the output for the finalizedblock.
 2. The system of claim 1, wherein the access nodes are configuredto perform at least: providing the one or more signed hashes to thesecurity nodes when a consensus is reached by the access nodes that theone or more transactions are well-formed.
 3. The system of claim 1,wherein the each of the transaction text of the one or more transactionsare persisted by the access nodes until the execution nodes provide thehashed commitment of the output for the finalized block.
 4. The systemof claim 3, wherein the access nodes are configured to perform at least:providing the transaction text for each of the one or more transactionswhen queried by the execution nodes.
 5. The system of claim 1, whereinthe access nodes are configured to perform at least: a) receiving thehashed commitment of the output for the finalized block from theexecution nodes; and b) providing a second query verifying the outputfor the finalized block to a set of the execution nodes; and wherein theexecution nodes are configured to perform at least: a) providing theoutput for the finalized block to the access nodes in response toreceiving the second query verifying the output for the finalized block.6. The system of claim 1, wherein the access nodes are configured toperform at least: a) storing a cache of the output for the finalizedblock; and b) providing, to the at least one client, results ofcomputations for the one or more transactions based on the output forthe finalized block.
 7. The system of claim 1, wherein the credentialsare for a guarantor of the one or more transactions, and wherein theaccess nodes are configured to perform at least: a) determining that theone or more transactions are well-formed by checking the credentials ofthe one or more transactions.
 8. The system of claim 1, wherein theaccess nodes are slashed if they provide a signed hash for a transactionthat is ill-formed or if they fail to store the transaction text of theone or more transactions, and wherein the security nodes are slashed ifthey finalize an invalid candidate block.
 9. The system of claim 1,wherein the system provides the decentralized computation for the one ormore decentralized applications without sharding or dividing a networkinto two or more subunits that interact asynchronously.
 10. The systemof claim 1, wherein the system provides the decentralized computationfor, more than 10, more than 100, or more than 1000 decentralizedapplications.
 11. The system of claim 1, wherein the decentralizedcomputation for the one or more decentralized applications comprisesmore than 1000 transactions-per-second (tps), more than 50,000 tps, ormore than 100,000 tps.
 12. The system of claim 1, wherein the BFTconsensus algorithm comprises a variant of Caspercorrect-by-construction (CBC), Tendermint-derived scalable BFT (SBFT),Hot Stuff, or Fantomette.
 13. The system of claim 1, wherein the accessnodes are configured to perform at least: a) bundling the one or moresigned hashes into a collection, wherein the one or more signed hashesare provided to the security nodes for validation as the collection. 14.The system of claim 13, wherein the security nodes are configured toperform at least: a) gathering the collection and other collections,provided by the access nodes to generate the candidate block.
 15. Thesystem of claim 1, wherein the candidate block is generated by a groupof the security nodes, the group determined according to the BFTconsensus algorithm.
 16. The system of claim 15, wherein the groupcomprises a subset of the security nodes.
 17. The system of claim 15,wherein the group comprises all of the security nodes.
 18. The system ofclaim 1, wherein the finalized block determines an order of the one ormore transactions.